Home » Categories » Products » NCPA » Installation

NCPA - How To Build NCPA From Source

 

Building NCPA From Source

This document describes how to build, install and configure Nagios Cross Platform Agent (NCPA) from source for use with Nagios Core/XI.

NCPA is available as a pre-built package available on the Downloads page.

This procedure is intended for Nagios administrators who have to use a source-based build method for NCPA, usually due to unsupported Linux distributions or security restrictions in corporate environments.

This guide is broken up into several sections and covers different Linux distributions and non-Linux operating systems.

NCPA 2.4.0 is the version included in the example steps. You will need to replace this with the version you have downloaded.

It is assumed that you are logged onto the machine you are installing NCPA as the root user, or a user with sufficient privileges. All of the steps below were tested on the operating systems (OS) listed after a clean install of the OS. Some OS's like Ubuntu and SUSE have stricter user permissions, in those cases the listed commands have sudo in front of them to ensure you are able to complete the steps. A best effort has been made to ensure if you follow all the relevant steps you will end up with a working installation of NCPA.

 
Important Information

The steps for "building" NCPA should be done on a dedicated OS that is NOT used in production. Once the build process has completed you will then have an installation package that can be used to install NCPA on your production OS's.

On some OS's (like CentOS 7) the build process will actually break built in components of the OS due to how Python packages are installed for the build process. The installer package that is created will not cause any issues on the production OS's you install it on, it is only the machine you build NCPA that will have broken OS components. It is recommended that you use virtual machines (VM) for your build processes as you can easily use snapshots to roll back or simply delete the VM once you are finished.

Please select your OS:

RHEL | CentOS | Oracle Linux

Important Information

Do NOT build NCPA on a production system, please read the Important Information section for information as to why.

Install Prerequisites

Most likely these packages are already installed.

yum install -y wget git

Downloading the Source

cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz

Install Required Packages and Build RPM

A script is provided to install all the required packages and build the RPM:

cd /tmp/ncpa-2.4.0/build/
./build.sh

This will generate an RPM file that can be used to install NCPA, for example:

  • ncpa-2.4.0-1.el7.x86_64.rpm

This was the last step required to be performed on the build OS. You will need to transfer the RPM file to the OS that you wish to install NCPA on.

Install RPM

These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the RPM file from the build OS to your production OS's.

This step uses the RPM to install the binary files and the services:

===== CentOS 7.x | RHEL 7.x | Oracle Linux 7.x =====

rpm -Uvh ncpa-2.4.0-1.el7.x86_64.rpm

===== CentOS 8.x | RHEL 8.x | Oracle Linux 8.x =====

rpm -Uvh ncpa-2.4.0-1.el8.x86_64.rpm

Configure Firewall

Port 5693 is used by NCPA and needs to be opened on the local firewall.

===== CentOS 7.x +| RHEL 7.x +| Oracle Linux 7.x +=====

firewall-cmd --zone=public --add-port=5693/tcp
firewall-cmd --zone=public --add-port=5693/tcp --permanent

Configure NCPA

These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:

Documentation - Using NCPA For Passive Checks

The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:

[api]
community_string = mytoken

You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:

sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
		

Restart Service

You now need to restart the ncpa_listener service.

===== CentOS 7.x +| RHEL 7.x +| Oracle Linux 7.x +=====

systemctl restart ncpa_listener.service
		

Test NCPA

Now check that NCPA is listening and responding to requests.

/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
		

You should see the output similar to the following:

OK: Agent_version was ['2.4.0']
		

If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.

You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:

Documentation - Understanding Certificate Warnings

Service / Daemon Commands

Different Linux distributions have different methods of starting / stopping / restarting / status NCPA.

===== CentOS 7.x +| RHEL 7.x +| Oracle Linux 7.x +=====

systemctl start ncpa.service
systemctl stop ncpa.service
systemctl restart ncpa.service
systemctl status ncpa.service

Ubuntu

Important Information

Do NOT build NCPA on a production system, please read the Important Information section for information as to why.

Install Prerequisites

Most likely these packages are already installed.

sudo apt-get update
sudo apt-get install -y wget git

Downloading the Source

cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz

Install Required Packages and Build DEB

A script is provided to install all the required packages and build the DEB:

cd /tmp/ncpa-2.4.0/build/
./build.sh
 

This will generate an DEB file that can be used to install NCPA, for example:

  • ncpa_2.4.0-1_amd64.deb

This was the last step required to be performed on the build OS. You will need to transfer the DEB file to the OS that you wish to install NCPA on.

Install DEB

These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the DEB file from the build OS to your production OS's.

This step uses the DEB to install the binary files and the services:

i386

sudo apt install -y ./ncpa_2.4.0-1_i386.deb
		

amd64

sudo apt install -y ./ncpa_2.4.0-1_amd64.deb
		

Configure Firewall

Port 5693 is used by NCPA and needs to be opened on the local firewall.

sudo mkdir -p /etc/ufw/applications.d
sudo sh -c "echo '[NCPA]' > /etc/ufw/applications.d/ncpa"
sudo sh -c "echo 'title=Nagios Cross Platform Agent' >> /etc/ufw/applications.d/ncpa"
sudo sh -c "echo 'description=A single monitoring agent that installs on all major operating systems' >> /etc/ufw/applications.d/ncpa"
sudo sh -c "echo 'ports=5693/tcp' >> /etc/ufw/applications.d/ncpa"
sudo ufw allow NCPA
sudo ufw reload

Configure NCPA

These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:

Documentation - Using NCPA For Passive Checks

The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:

[api]
community_string = mytoken

You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:

sudo sh -c "sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg"
		

Restart Service

You now need to restart the ncpa_listener service.

===== 15.x / 16.x / 17.x +=====

sudo systemctl restart ncpa_listener.service
		

Test NCPA

Now check that NCPA is listening and responding to requests.

/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
		

You should see the output similar to the following:

OK: Agent_version was ['2.4.0']
		

If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.

You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:

Documentation - Understanding Certificate Warnings

Service / Daemon Commands

Different Linux distributions have different methods of starting / stopping / restarting / status NCPA.

===== 15.x / 16.x / 17.x +=====

sudo systemctl start ncpa_listener.service
sudo systemctl stop ncpa_listener.service
sudo systemctl restart ncpa_listener.service
sudo systemctl status ncpa_listener.service

SUSE SLES | openSUSE Leap

Important Information

Do NOT build NCPA on a production system, please read the Important Information section for information as to why.

Install Prerequisites

Make sure that you have the following packages installed.

===== SUSE SLES 11.3 =====

cd /tmp
wget 'https://nu.novell.com/repo/$RCE/SLE11-SDK-SP3-Pool/sle-11-x86_64/rpm/x86_64/sle-sdk-release-11.3-1.69.x86_64.rpm'
wget 'https://nu.novell.com/repo/$RCE/SLE11-SDK-SP3-Pool/sle-11-x86_64/rpm/x86_64/sle-sdk-release-SDK-11.3-1.69.x86_64.rpm'
sudo rpm -ivh sle-sdk-release-*
sudo suse_register
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git

===== SUSE SLES 11.4 =====

cd /tmp
wget 'https://nu.novell.com/repo/$RCE/SLE11-SDK-SP4-Pool/sle-11-x86_64/rpm/x86_64/sle-sdk-release-11.4-1.55.x86_64.rpm'
wget 'https://nu.novell.com/repo/$RCE/SLE11-SDK-SP4-Pool/sle-11-x86_64/rpm/x86_64/sle-sdk-release-SDK-11.4-1.55.x86_64.rpm'
sudo rpm -ivh sle-sdk-release-*
sudo suse_register
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git

===== SUSE SLES 12 =====

sudo SUSEConnect -p sle-sdk/12/x86_64
sudo SUSEConnect -p sle-module-web-scripting/12/x86_64
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git

===== SUSE SLES 12.1 =====

sudo SUSEConnect -p sle-sdk/12.1/x86_64
sudo SUSEConnect -p sle-module-web-scripting/12/x86_64
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git

===== SUSE SLES 12.2 =====

sudo SUSEConnect -p sle-sdk/12.2/x86_64
sudo SUSEConnect -p sle-module-web-scripting/12/x86_64
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git

===== SUSE SLES 12.3 =====

sudo SUSEConnect -p sle-sdk/12.3/x86_64
sudo SUSEConnect -p sle-module-web-scripting/12/x86_64
sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git

===== openSUSE Leap 42.x =====

sudo zypper --non-interactive install gcc make libopenssl-devel zlib zlib-devel sqlite3 sqlite3-devel libffi-devel rpm-build wget git
		

Downloading the Source

cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz

Install Required Packages and Build RPM

A script is provided to install all the required packages and build the RPM:

cd /tmp/ncpa-2.4.0/build/
./build.sh
 

This will generate an RPM file that can be used to install NCPA, for example:

  • ncpa-2.4.0-1.x86_64.rpm

This was the last step required to be performed on the build OS. You will need to transfer the RPM file to the OS that you wish to install NCPA on.

Install RPM

These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the RPM file from the build OS to your production OS's.

This step uses the RPM to install the binary files and the services:

sudo rpm -Uvh ncpa-2.4.0-1.x86_64.rpm
		


 

Configure Firewall

Port 5693 is used by NCPA and needs to be opened on the local firewall.

===== SUSE SLES 11.x =====

sudo sed -i '/FW_SERVICES_EXT_TCP=/s/\"$/\ 5693\"/' /etc/sysconfig/SuSEfirewall2
sudo /sbin/service SuSEfirewall2_init restart
sudo /sbin/service SuSEfirewall2_setup restart

===== SUSE SLES 12.x =====

sudo /usr/sbin/SuSEfirewall2 open EXT TCP 5693
sudo systemctl restart SuSEfirewall2.service

===== openSUSE Leap 42.x =====

The firewall is not enabled by default / allows port 5693.

Configure NCPA

These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:

Documentation - Using NCPA For Passive Checks

The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:

[api]
community_string = mytoken

You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:

sudo sh -c "sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg"
		

Restart Service

You now need to restart the ncpa_listener service.

===== SUSE SLES 11.x =====

sudo /sbin/service ncpa_listener restart
		

===== SUSE SLES 12.x | openSUSE Leap 42.x =====

sudo systemctl restart ncpa_listener.service
		

Test NCPA

Now check that NCPA is listening and responding to requests.

/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
		

You should see the output similar to the following:

OK: Agent_version was ['2.4.0']
		

If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.

You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:

Documentation - Understanding Certificate Warnings

Service / Daemon Commands

Different Linux distributions have different methods of starting / stopping / restarting / status NCPA.

===== SUSE SLES 11.x =====

sudo /sbin/service ncpa_listener start
sudo /sbin/service ncpa_listener stop
sudo /sbin/service ncpa_listener restart
sudo /sbin/service ncpa_listener status

 

===== SUSE SLES 12.x | openSUSE Leap 42.x =====

sudo systemctl start ncpa_listener.service
sudo systemctl stop ncpa_listener.service
sudo systemctl restart ncpa_listener.service
sudo systemctl status ncpa_listener.service

Debian

Important Information

Do NOT build NCPA on a production system, please read the Important Information section for information as to why.

 All steps on Debian require to run as root. To become root simply run:

Debian:

su

All commands from this point onwards will be as root.

Install Prerequisites

Most likely these packages are already installed.

apt-get update
apt-get install -y wget git

Downloading the Source

cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz

Install Required Packages and Build DEB

A script is provided to install all the required packages and build the DEB:

cd /tmp/ncpa-2.4.0/build/
./build.sh
 

This will generate an DEB file that can be used to install NCPA, for example:

  • ncpa_2.4.0-1_amd64.deb

This was the last step required to be performed on the build OS. You will need to transfer the DEB file to the OS that you wish to install NCPA on.

Install DEB

These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the DEB file from the build OS to your production OS's.

This step uses the DEB to install the binary files and the services:

i386

dpkg -i ./ncpa_2.4.0-1_i386.deb
		

amd64

dpkg -i ./ncpa_2.4.0-1_amd64.deb
		

Configure Firewall

Port 5693 is used by NCPA and needs to be opened on the local firewall.

iptables -I INPUT -p tcp --destination-port 5693 -j ACCEPT
apt-get install -y iptables-persistent
Answer yes to saving existing rules

Configure NCPA

These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:

Documentation - Using NCPA For Passive Checks

The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:

[api]
community_string = mytoken

You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:

sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
		

Restart Service

You now need to restart the ncpa_listener service.


===== 8.x / 9.x +=====

systemctl restart ncpa_listener.service
		

Test NCPA

Now check that NCPA is listening and responding to requests.

/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
		

You should see the output similar to the following:

OK: Agent_version was ['2.4.0']
		

If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.

You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:

Documentation - Understanding Certificate Warnings

Service / Daemon Commands

Different Linux distributions have different methods of starting / stopping / restarting / status NCPA.

 

===== 8.x / 9.x =====

systemctl start ncpa_listener.service
systemctl stop ncpa_listener.service
systemctl restart ncpa_listener.service
systemctl status ncpa_listener.service

Fedora

Important Information

Do NOT build NCPA on a production system, please read the Important Information section for information as to why.

Install Prerequisites

The following packages need to be installed:

dnf install -y gcc make zlib zlib-devel openssl openssl-devel libsq3 libsq3-devel libffi-devel rpm-build wget git

Downloading the Source

cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz

Install Required Packages and Build RPM

A script is provided to install all the required packages and build the RPM:

cd /tmp/ncpa-2.4.0/build/
./build.sh
 

This will generate an RPM file that can be used to install NCPA, for example:

  • ncpa-2.4.0-1.fc25.i686.rpm
  • ncpa-2.4.0-1.fc26.x86_64.rpm

This was the last step required to be performed on the build OS. You will need to transfer the RPM file to the OS that you wish to install NCPA on.

Install RPM

These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the RPM file from the build OS to your production OS's.

This step uses the RPM to install the binary files and the services:

i686

rpm -Uvh ncpa-2.4.0-1.fc25.i686.rpm
		

x86_64

rpm -Uvh ncpa-2.4.0-1.fc26.x86_64.rpm
		

Configure Firewall

Port 5693 is used by NCPA and needs to be opened on the local firewall.

firewall-cmd --zone=public --add-port=5693/tcp
firewall-cmd --zone=public --add-port=5693/tcp --permanent

Configure NCPA

These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:

Documentation - Using NCPA For Passive Checks

The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:

[api]
community_string = mytoken

You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:

sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
		

Restart Service

You now need to restart the ncpa_listener service.

systemctl restart ncpa_listener.service
		

Test NCPA

Now check that NCPA is listening and responding to requests.

/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
		

You should see the output similar to the following:

OK: Agent_version was ['2.4.0']
		

If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.

You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:

Documentation - Understanding Certificate Warnings

Service / Daemon Commands

These commands are for starting / stopping / restarting / status of NCPA.

systemctl start ncpa.service
systemctl stop ncpa.service
systemctl restart ncpa.service
systemctl status ncpa.service

Arch Linux

Important Information

Do NOT build NCPA on a production system, please read the Important Information section for information as to why.

Install Prerequisites

The following packages need to be installed:

pacman --noconfirm -Syyu
pacman --noconfirm -S gcc make zlib openssl sqlite3 libffi wget git

Downloading the Source

cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz

Install Required Packages and Build Tarball

A script is provided to install all the required packages and build the Tarball:

cd /tmp/ncpa-2.4.0/build/
./build.sh
 

This will generate an tarball file that can be used to install NCPA, for example:

  • ncpa-2.4.0.tar.gz

This was the last step required to be performed on the build OS. You will need to transfer the tarball file to the OS that you wish to install NCPA on.

Install Tarball

These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the tarball file from the build OS to your production OS's.

This step uses the tarball to install the binary files and the services:

mkdir -p /usr/local/ncpa
tar xzf ncpa-2.4.0.tar.gz -C /usr/local/ncpa/ --strip-components 1
chown -R nagios:nagios /usr/local/ncpa

Create Services

Arch Linux requires us to create the service unit files, the following commands will do this.

ncpa_listener

cd /usr/lib/systemd/system/
echo "[Unit]" > ncpa_listener.service
echo "Description=Nagios Cross-Platorm Agent Listener" >> ncpa_listener.service
echo "After=network.target" >> ncpa_listener.service
echo "" >> ncpa_listener.service
echo "[Service]" >> ncpa_listener.service
echo "Type=forking" >> ncpa_listener.service
echo "RemainAfterExit=yes" >> ncpa_listener.service
echo "ExecStart=/usr/local/ncpa/ncpa_listener --start -c /usr/local/ncpa/etc/ncpa.cfg" >> ncpa_listener.service
echo "ExecStop=/usr/local/ncpa/ncpa_listener --stop" >> ncpa_listener.service
echo "" >> ncpa_listener.service
echo "[Install]" >> ncpa_listener.service
echo "WantedBy=multi-user.target" >> ncpa_listener.service

systemctl enable ncpa_listener.service

ncpa_passive

cd /usr/lib/systemd/system/
echo "[Unit]" > ncpa_passive.service
echo "Description=Nagios Cross-Platorm Agent Passive" >> ncpa_passive.service
echo "After=network.target" >> ncpa_passive.service
echo "" >> ncpa_passive.service
echo "[Service]" >> ncpa_passive.service
echo "Type=forking" >> ncpa_passive.service
echo "RemainAfterExit=yes" >> ncpa_passive.service
echo "ExecStart=/usr/local/ncpa/ncpa_passive --start -c /usr/local/ncpa/etc/ncpa.cfg" >> ncpa_passive.service
echo "ExecStop=/usr/local/ncpa/ncpa_passive --stop" >> ncpa_passive.service
echo "" >> ncpa_passive.service
echo "[Install]" >> ncpa_passive.service
echo "WantedBy=multi-user.target" >> ncpa_passive.service

systemctl enable ncpa_passive.service

Configure Firewall

Arch Linux does not have a firewall enabled in a fresh installation. Please refer to the Arch Linux documentation on allowing TCP port 5693 inbound.
 

Configure NCPA

These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:

Documentation - Using NCPA For Passive Checks

The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:

[api]
community_string = mytoken

You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:

sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
		

Start Service

systemctl start ncpa_listener.service
		

Test NCPA

Now check that NCPA is listening and responding to requests.

/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
		

You should see the output similar to the following:

OK: Agent_version was ['2.4.0']
		

If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.

You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:

Documentation - Understanding Certificate Warnings

Service / Daemon Commands

These commands are for starting / stopping / restarting / status of NCPA.

systemctl start ncpa.service
systemctl stop ncpa.service
systemctl restart ncpa.service
systemctl status ncpa.service

Gentoo

Important Information

Do NOT build NCPA on a production system, please read the Important Information section for information as to why.

NCPA v2.x requires Python v2.7. It's most likely you will have Python 2.7 & 3 installed on your system by default. In Gentoo you are required to modify the build scripts to make everything work. The steps below will work on an openrc or systemd Gentoo installation, specific steps are indicated where applicable.

Install Prerequisites

The following packages need to be installed:

emerge --noreplace sys-devel/gcc sys-libs/zlib dev-libs/openssl dev-libs/libffi net-misc/wget dev-vcs/git
echo "dev-lang/python sqlite" >> /etc/portage/package.use/python.use
emerge dev-lang/python

Downloading the Source

cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz

Install Required Packages and Build Tarball

A script is provided to install all the required packages and build the Tarball:

cd /tmp/ncpa-2.4.0/build/
./build.sh
 

This will generate an tarball file that can be used to install NCPA, for example:

  • ncpa-2.4.0.tar.gz

This was the last step required to be performed on the build OS. You will need to transfer the tarball file to the OS that you wish to install NCPA on.

Install Tarball

These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the tarball file from the build OS to your production OS's.

This step uses the tarball to install the binary files and the services:

mkdir -p /usr/local/ncpa
tar xzf ncpa-2.4.0.tar.gz -C /usr/local/ncpa/ --strip-components 1
chown -R nagios:nagios /usr/local/ncpa

Create Services

Gentoo requires us to create the service unit files, the following commands will do this. These are separate sections below for init and systemd.

===== openrc ======

ncpa_listener

cd /etc/init.d/
echo '#!/sbin/openrc-run' > ncpa_listener
echo 'NCPA_BIN="/usr/local/ncpa/ncpa_listener"' >> ncpa_listener
echo '' >> ncpa_listener
echo 'depend() {' >> ncpa_listener
echo '    use logger dns net localmount netmount nfsmount' >> ncpa_listener
echo '}' >> ncpa_listener
echo '' >> ncpa_listener
echo 'start() {' >> ncpa_listener
echo ' ebegin "Starting ncpa listener"' >> ncpa_listener
echo ' cd /' >> ncpa_listener
echo '    start-stop-daemon --start --exec $NCPA_BIN --background' >> ncpa_listener
echo ' eend $?' >> ncpa_listener
echo '}' >> ncpa_listener
echo '' >> ncpa_listener
echo 'stop() {' >> ncpa_listener
echo ' ebegin "Stopping ncpa listener"' >> ncpa_listener
echo ' start-stop-daemon --stop --exec $NCPA_BIN' >> ncpa_listener
echo ' eend $?' >> ncpa_listener
echo '}' >> ncpa_listener

chmod +x ncpa_listener
rc-update add ncpa_listener default

ncpa_passive

cd /etc/init.d/
echo '#!/sbin/openrc-run' > ncpa_passive
echo 'NCPA_BIN="/usr/local/ncpa/ncpa_listener"' >> ncpa_passive
echo '' >> ncpa_passive
echo 'depend() {' >> ncpa_passive
echo ' use logger dns net localmount netmount nfsmount' >> ncpa_passive
echo '}' >> ncpa_passive
echo '' >> ncpa_passive
echo 'start() {' >> ncpa_passive
echo '    ebegin "Starting ncpa passive"' >> ncpa_passive
echo '    cd /' >> ncpa_passive
echo '    start-stop-daemon --start --exec $NCPA_BIN --background' >> ncpa_passive
echo '    eend $?' >> ncpa_passive
echo '}' >> ncpa_passive
echo '' >> ncpa_passive
echo 'stop() {' >> ncpa_passive
echo '    ebegin "Stopping ncpa passive"' >> ncpa_passive
echo '    start-stop-daemon --stop --exec $NCPA_BIN' >> ncpa_passive
echo '    eend $?' >> ncpa_passive
echo '}' >> ncpa_passive

chmod +x ncpa_passive
rc-update add ncpa_passive default

===== systemd ======

ncpa_listener

cd /usr/lib/systemd/system/
echo "[Unit]" > ncpa_listener.service
echo "Description=Nagios Cross-Platorm Agent Listener" >> ncpa_listener.service
echo "After=network.target" >> ncpa_listener.service
echo "" >> ncpa_listener.service
echo "[Service]" >> ncpa_listener.service
echo "Type=forking" >> ncpa_listener.service
echo "RemainAfterExit=yes" >> ncpa_listener.service
echo "ExecStart=/usr/local/ncpa/ncpa_listener --start -c /usr/local/ncpa/etc/ncpa.cfg" >> ncpa_listener.service
echo "ExecStop=/usr/local/ncpa/ncpa_listener --stop" >> ncpa_listener.service
echo "" >> ncpa_listener.service
echo "[Install]" >> ncpa_listener.service
echo "WantedBy=multi-user.target" >> ncpa_listener.service

systemctl enable ncpa_listener.service

ncpa_passive

cd /usr/lib/systemd/system/
echo "[Unit]" > ncpa_passive.service
echo "Description=Nagios Cross-Platorm Agent Passive" >> ncpa_passive.service
echo "After=network.target" >> ncpa_passive.service
echo "" >> ncpa_passive.service
echo "[Service]" >> ncpa_passive.service
echo "Type=forking" >> ncpa_passive.service
echo "RemainAfterExit=yes" >> ncpa_passive.service
echo "ExecStart=/usr/local/ncpa/ncpa_passive --start -c /usr/local/ncpa/etc/ncpa.cfg" >> ncpa_passive.service
echo "ExecStop=/usr/local/ncpa/ncpa_passive --stop" >> ncpa_passive.service
echo "" >> ncpa_passive.service
echo "[Install]" >> ncpa_passive.service
echo "WantedBy=multi-user.target" >> ncpa_passive.service

systemctl enable ncpa_passive.service

Configure Firewall

Gentoo does not have a firewall enabled in a fresh installation. Please refer to the Arch Linux documentation on allowing TCP port 5666 inbound.

Configure NCPA

These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:

Documentation - Using NCPA For Passive Checks

The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:

[api]
community_string = mytoken

You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:

sed -i 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
		

Start Service

===== openrc =====

rc-service ncpa_listener start
		

===== systemd =====

systemctl start ncpa_listener.service
		

Test NCPA

Now check that NCPA is listening and responding to requests.

/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
		

You should see the output similar to the following:

OK: Agent_version was ['2.4.0']
		

If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.

You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:

Documentation - Understanding Certificate Warnings

Service / Daemon Commands

Different Linux distributions have different methods of starting / stopping / restarting / status NCPA.

===== openrc =====

rc-service ncpa_listener start
rc-service ncpa_listener stop
rc-service ncpa_listener restart
rc-service ncpa_listener status

===== systemd =====

systemctl start ncpa_listener.service
systemctl stop ncpa_listener.service
systemctl restart ncpa_listener.service
systemctl status ncpa_listener.service

FreeBSD

Important Information

Do NOT build NCPA on a production system, please read the Important Information section for information as to why.

Install Prerequisites

The following packages need to be installed:

pkg install -y wget git bash gmake openssl python27 cx_freeze py27-sqlite3 

Downloading the Source

cd /tmp
wget --no-check-certificate -O ncpa.tar.gz https://github.com/NagiosEnterprises/ncpa/archive/v2.4.0.tar.gz
tar xzf ncpa.tar.gz

Install Required Packages and Build Tarball

A script is provided to install all the required packages and build the Tarball:

cd /tmp/ncpa-2.4.0/build/
./build.sh
 

This will generate an tarball file that can be used to install NCPA, for example:

  • ncpa-2.4.0.tar.gz

This was the last step required to be performed on the build OS. You will need to transfer the tarball file to the OS that you wish to install NCPA on.

Install Tarball

These steps are to be performed on your production OS's that you wish to monitor with NCPA. You will need to transfer the tarball file from the build OS to your production OS's.

This step uses the tarball to install the binary files:

pw useradd -n nagios
mkdir -p /usr/local/ncpa
tar xzf ncpa-2.4.0.tar.gz -C /usr/local/ncpa/ --strip-components 1
chown -R nagios:nagios /usr/local/ncpa

Install Services

Two service files need to be created using the following commands:

/usr/local/etc/rc.d/ncpa_listener

cd /usr/local/etc/rc.d/
printf '#\!/bin/sh\n' > ncpa_listener
printf '. /etc/rc.subr\n' >> ncpa_listener
printf 'name="ncpa_listener"\n' >> ncpa_listener
printf "start_cmd='/usr/local/ncpa/ncpa_listener --start'\n" >> ncpa_listener
printf "stop_cmd='/usr/local/ncpa/ncpa_listener --stop'\n" >> ncpa_listener
printf 'load_rc_config $name\n' >> ncpa_listener
printf 'run_rc_command "$1"\n' >> ncpa_listener
chmod +x ncpa_listener
echo '/usr/local/etc/rc.d/ncpa_listener start' >> /etc/rc.local

/usr/local/etc/rc.d/ncpa_passive

cd /usr/local/etc/rc.d/
printf '#\!/bin/sh\n' > ncpa_passive
printf '. /etc/rc.subr\n' >> ncpa_passive
printf 'name="ncpa_passive"\n' >> ncpa_passive
printf "start_cmd='/usr/local/ncpa/ncpa_passive --start'\n" >> ncpa_passive
printf "stop_cmd='/usr/local/ncpa/ncpa_passive --stop'\n" >> ncpa_passive
printf 'load_rc_config $name\n' >> ncpa_passive
printf 'run_rc_command "$1"\n' >> ncpa_passive
chmod +x ncpa_passive
echo '/usr/local/etc/rc.d/ncpa_passive start' >> /etc/rc.local

Configure Firewall

Please refer to the FreeBSD documentation for information on how to enable or configure IP Filter to allow TCP port 5693 inbound.

Documentation - Firewalls
 

Configure NCPA

These steps show you how to configure NCPA for Active checks. If you require information on Passive checks please refer to the following documentation:

Documentation - Using NCPA For Passive Checks

The community_string is how you provide authorization to NCPA when connecting to it. It is defined in the /usr/local/ncpa/etc/ncpa.cfg file as follows:

[api]
community_string = mytoken

You need to change mytoken to something secure. The following command will change it to 3RuC3sR3PuS:

sed -i '' 's/^community_string =.*/community_string = 3RuC3sR3PuS/g' /usr/local/ncpa/etc/ncpa.cfg
		

Start Service

You now need to start the ncpa_listener service.

service ncpa_listener start

Test NCPA

Now check that NCPA is listening and responding to requests.

/tmp/ncpa-2.4.0/client/check_ncpa.py -H localhost -t 3RuC3sR3PuS -M system/agent_version
		

You should see the output similar to the following:

OK: Agent_version was ['2.4.0']
		

If you get the NCPA version number (as shown above), NCPA is installed and configured correctly.

You can also open a web browser to the NCPA web interface on port 5693, for example https://10.25.13.1:5693 (you will need to replace that with the IP Address / DNS name of the machine with NCPA running). You will receive a certificate warning because this is a self signed certificate, more information on certificates is explained in the following KB article:

Documentation - Understanding Certificate Warnings

Service / Daemon Commands

Different Linux distributions have different methods of starting / stopping / restarting / status NCPA.

service ncpa_listener start
service ncpa_listener stop
service ncpa_listener restart
0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Nagios XI - How To Monitor Devices Using The NCPA Agent and Wizard
Viewed 12408 times since Thu, Jan 28, 2016
NCPA - Agent Installation Instructions
Viewed 22549 times since Mon, Jul 27, 2015